printer friendly version

Access control and T&A in education­

In the modern day and age that we live in, certain aspects of daily life have become important to control, monitor and measure. Two of those aspects are who has access to our education facilities and whether our educators and students are attending to their responsibilities in the education system.

To be able to achieve this we utilise systems and procedures to manage these processes. Historically this would consist of attendance registers and clock card systems, but due to the unique challenges we face and the advancement of technology it has become necessary to deploy newer and more advanced systems that negates many of the possible loopholes as well as automating management and reporting to a large degree.

This management is done in three basic ways. First would be something that we have – a key or a proximity card of some type. Second would be something that we know – typically a password or key pin. Third and last is something that we are – biometric measurements of unique physical attributes of the human body.

The first and second (something we know or something we have) is problematic as the knowledge or device can be shared with a third-party person. In time and attendance (T&A) parlance, we speak about buddy-clocking. This is not a uniquely South African issue, but it certainly is rife with both government and commercial entities reporting massive financial losses due to ghost employees and buddy-clocking.

The advantage that biometrics have over these systems are that a fingerprint or facial characteristic cannot be shared with another person thereby nullifying the buddy-clocking phenomenon. This however does not mean that biometrics are immune to any form of fraud or circumvention.

As with anything in life, not all devices are equal. Facial recognition systems are prone to rejecting users due to facial changes that occur in the course of daily life i.e. spectacles, facial hair etc. Generally, facial recognition is not seen as a mature stand-alone technology.

Fingerprint biometrics too has a vulnerability of being by-passed. The reasons for this are mainly two-fold.

Firstly, fingerprint scanners are divided into levels. Level 1 being very basic in its operation therefore they have a massive vulnerability to spoof or fake fingerprints. They are however, cheap and very inviting to the end user because of this.

Level 2 fingerprint scanners are much more intrinsic with technologies built into them to stop the use of fake or spoof fingerprints and also processes that determine whether a fingerprint belongs to an actual living breathing human being. Level 2 fingerprint scanners are much more expensive but they tend to last longer than their cheaper counterparts do, and over the long run amortises the capital expenditure better than Level 1 scanners. Secondly, build quality is an issue. Cheaper units tend to have a very limited operational lifespan resulting in false rejections, frustrations by users and eventually, replacement of the units.

When considering a biometric system the end-user must look at build quality, technologies and processes built into the device to minimise weaknesses and loopholes, but, as important as the previous, that the devices adhere and conform to labour relations and privacy legislation. The end-user must ensure that the device complies with the POPI Act (Protection of Personal Information Act 4 of 2013). Once the aforementioned conditions are met, the end-user will have a system that is correct for his application.

Share this article:

Further reading: